[
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313914#comment-16313914
]
ASF GitHub Bot commented on NIFI-4708:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2376#discussion_r159982870
--- Diff:
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy
---
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import groovy.xml.XmlUtil
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.xml.sax.SAXException
+
+class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor {
+
+ private static final Logger logger =
LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class)
+
+ private static final String LDAP_PROVIDER_CLASS =
"org.apache.nifi.registry.security.ldap.LdapIdentityProvider"
+ private static final String LDAP_PROVIDER_REGEX =
/(?s)<provider>(?:(?!<provider>).)*?<class>\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/
+ /* Explanation of LDAP_PROVIDER_REGEX:
+ * (?s) -> single-line mode (i.e., `.`
in regex matches newlines)
+ * <provider> -> find occurrence of
`<provider>` literally (case-sensitive)
+ * (?: ... ) -> group but do not capture
submatch
+ * (?! ... ) -> negative lookahead
+ * (?:(?!<provider>).)*? -> find everything until a new
`<provider>` starts. This is for not selecting multiple providers in one match
+ * <class> -> find occurrence of `<class>`
literally (case-sensitive)
+ * \s* -> find any whitespace
+ * org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider
+ * -> find occurrence of
`org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally
(case-sensitive)
+ * .*?</provider> -> find everything as needed up
until and including occurrence of `</provider>`
+ */
+
+ NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
+ super(encryptionProvider, decryptionProvider)
+ }
+
+ @Override
+ String encrypt(String plainXmlContent) {
--- End diff --
Add Javadoc explaining operation of overriding method and why custom
implementation is necessary.
> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> ------------------------------------------------------------------------
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g.,
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml).
> These files are very difficult to encrypt by hand, and is not recommended.
> Because NiFi Registry utilizes the same encryption algorithms supported by
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config
> properties is to extend the the encrypt-config tool in NiFi Toolkit to
> support NiFi Registry as well.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
